News:

Want to get involved in developing SMF, then why not lend a hand on our github!

Main Menu

How to remove Forgot your password? link from login box?

Started by abrodski, August 30, 2016, 01:34:33 PM

Previous topic - Next topic

Matthew K.

SMF tries to follow the MVC design-pattern. Meaning you'd want routing in the controller (the source file). So I'd actually put that code in `./Sources/Reminder.php`.
Quote from: Pipke on August 30, 2016, 05:34:30 PM
Quote from: Matthew K. on August 30, 2016, 05:11:01 PM
They can just as easily still hit: index.php?action=reminder without a link. Doesn't remove that.

To solve that you can also use this under the first global var line in Reminder.template.php


if (empty($context['user']['is_admin']))
redirectexit();


Matthew K.

Oh really? If he's really worried about security, it's actually not that unlikely. You could find it with a search, or if you knew anything about how SMF handled it's routing.
Quote from: Sir Osis of Liver on August 30, 2016, 05:16:11 PM
Unlikely anyone would know that, but just in case -

index.php



// 'reminder' => array('Reminder.php', 'RemindMe'),



Just comment out or delete that line.


abrodski

Quote from: Sir Osis of Liver on August 30, 2016, 05:21:20 PM
It's the main actions array in root index.php.

Now there's another strange issue. Even after deleting that line in index.php file and if someone gets here:

index.php?action=reminder

they can see Forum Stats and Users Online

P.S. I'd cleared browser's cache before I tried that.

abrodski

Quote from: Pipke on August 30, 2016, 05:34:30 PM
Quote from: Matthew K. on August 30, 2016, 05:11:01 PM
They can just as easily still hit: index.php?action=reminder without a link. Doesn't remove that.

To solve that you can also use this under the first global var line in Reminder.template.php


if (empty($context['user']['is_admin']))
redirectexit();


Frankly, I don't undestand what should be done. We're talking about this file, right?

Themes/default/Reminder.template.php

If so, then what exactly should be done in it? I have no idea what first global var is. That code above... what exactly I should do with it and where in that file?

Pipke

yes

find this in that file


function template_main()
{
global $context, $settings, $options, $txt, $scripturl;

echo '


and make it that it looks like this


function template_main()
{
global $context, $settings, $options, $txt, $scripturl;

if (empty($context['user']['is_admin']))
redirectexit();
echo '


or in Sources/Reminder.php ( to me i dont see wich one is better!, maybe loading/speed time, or some other pitty thingy)

Code (find) Select

function RemindMe()
{
global $txt, $context;

loadLanguage('Profile');
loadTemplate('Reminder');


to

Code (replace with) Select

function RemindMe()
{
global $txt, $context;

if (empty($context['user']['is_admin']))
redirectexit();

loadLanguage('Profile');
loadTemplate('Reminder');

"If something is wrong, fix it if you can. But train yourself not to worry: Worry never fixes anything."

Click here to view my mods for SMF

Hey 👋 Did i helped... you like what i do. You can now buy me a coffee! ☕

abrodski

Thanks for your reply!

But I think after I've done what Sir Osis of Liver told me to do in index.php file, it's the same thing, basically. Even before Pipke's advice and after that correction in index.php file, one couldn't get to password reminder box.
So is it a redundant to do BOTH?

Also my question still stands as per how to get rid of flashing forum's stats and users online to anyone who as a guest goes to

/index.php?action=reminder

Pipke

Quote from: abrodski on August 30, 2016, 06:09:54 PM
Also my question still stands as per how to get rid of flashing forum's stats and users online to anyone who as a guest goes to

/index.php?action=reminder

use then the code i posted
"If something is wrong, fix it if you can. But train yourself not to worry: Worry never fixes anything."

Click here to view my mods for SMF

Hey 👋 Did i helped... you like what i do. You can now buy me a coffee! ☕

abrodski

Quote from: Pipke on August 30, 2016, 06:15:57 PM
Quote from: abrodski on August 30, 2016, 06:09:54 PM
Also my question still stands as per how to get rid of flashing forum's stats and users online to anyone who as a guest goes to

/index.php?action=reminder

use then the code i posted

Thanks a lot! You're right. When I did it in two places like you said, it doesn't show anything anymore, just brings me to the forum's base URL, so when I go to

mysite.com/forum/ index.php?action=reminder

I get to

mysite.com

Kindred

Well, you have provided the answer ---   However, I disagree with the ethical action in doing so. just saying.

I don't know about Russian law -- but I am fairly certain that doing that will violate certain Canadian and EU laws.
Слaва
Украинi

Please do not PM, IM or Email me with support questions.  You will get better and faster responses in the support boards.  Thank you.

"Loki is not evil, although he is certainly not a force for good. Loki is... complicated."

abrodski

Quote from: Kindred on August 30, 2016, 07:18:46 PM
Well, you have provided the answer ---   However, I disagree with the ethical action in doing so. just saying.

I don't know about Russian law -- but I am fairly certain that doing that will violate certain Canadian and EU laws.

What's so unethical that a customer agrees not to be able to register or change his credentials? He can always choose another company to buy services from. My company has every right (legal and moral) to set its security procedures. It's OUR reputation and OUR revenue is on the line after all.

Then don't do it in EU or Canada. Why would I care what's allowed or not in EU, if even Victoria Nuland ( Assistant Secretary of State for European and Eurasian Affairs at the United States Department of State) said whatever she said about the EU. Just google it. It's fun!
There're a lot of silly laws. Like the one in EU that requires you to show that stupid "Cookie warning". Does absolutely nothing, just makes you do an extra mouse click. That's all.

Matthew K.

I do see your point IF you are the only one registering members. All good in my mind then.

Advertisement: